-# OpenDoas: a portable version of OpenBSD's `doas` command
+# OpenDoas
+
+> a portable version of OpenBSD's `doas` command
`doas` is a minimal replacement for the venerable `sudo`. It was
initially [written by Ted Unangst](http://www.tedunangst.com/flak/post/doas)
of the OpenBSD project to provide 95% of the features of `sudo` with a
fraction of the codebase.
-At the moment only linux with GLIBC or musl libc is supported and tested.
+This fork insults you, similar to `sudo`.
+
+## Building and installation discouragements
-## Building and installing
+There are a few steps you have to carefully consider before building and installing
+opendoas:
-```
-$ ./configure
-$ make
-# make install
-```
+* There are less eyes on random doas ports, just because sudo had a vulnerability
+ does not mean random doas ports are more secure if they are not reviewed
+ or pam is configured incorrectly.
+* If you want to use pam; You have to [configure pam](#pam-configuration)
+ and failing to do so correctly might leave a big open door.
+* Use the configure script.
+* Use the default make target.
+* If you really want to install a setuid binary that depends on
+ pam being correctly configured, use the make install target
+ to install the software.
## About the port
The PAM and shadow authentication code does not come from the OpenBSD project.
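Review bot: the bullets "Use the configure script" and "Use the default make target" replace the removed `./configure` / `make` / `# make install` block without giving any command, so the README no longer shows which step needs root (the removed block marked only `make install` with a `#` prompt). Keep the literal commands next to the new warnings so the setuid install step stays unambiguous. The same region drops the sentence saying only Linux with glibc or musl is supported and tested and puts "This fork insults you" in its place, so the supported-platform statement is lost; consider keeping it. Wording: "less eyes" should be "fewer eyes", and "If you want to use pam; You have to" should use a comma and a lowercase "you".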
-### Perist/Timestamp/Timeout
+### pam configuration
+
+I will not ship pam configuration files, they are distribution specific and
+its simply not safe or productive to ship and install those files.
+
+If you want to use opendoas on your system and there is no package that
+ships with a working pam configuration file, then you have to write and
+test it yourself.
+
+A good starting point is probably the distribution maintained `/etc/pam.d/sudo`
+file.
+
+### Persist/Timestamp/Timeout
The persist feature is disabled by default and can be enabled with the configure
flag `--with-timestamp`.
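Review bot: the new "pam configuration" section tells the reader to write and test the file themselves and points at `/etc/pam.d/sudo` as a starting point, but it never names the file or PAM service name that opendoas itself looks up, and it does not say what "test" should cover. State the expected path, and suggest checking at least that a wrong password and a user with no matching rule are both rejected before the setuid binary is relied on. Wording and style: "its simply" should be "it's simply", "distribution maintained" should be hyphenated, and the heading "pam configuration" is lowercase where "About the port" and "Persist/Timestamp/Timeout" are capitalised.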